harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ENT_COMPAT will only take care of double-quotes. Use double-quotes here to prevent XSS

Browse Source
This commit is contained in:
Mario Vavti
2019-03-18 13:19:24 +01:00
parent 51156d0582
commit a086745ec0
4 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Zotlabs/Module/Directory.php
View File

@@ -399,7 +399,7 @@ class Directory extends \Zotlabs\Web\Controller {
$dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory'));
$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . "; </script>";
$o .= '<script>var page_query = "' . escape_tags($_GET['q']) . '"; var extra_args = "' . extra_query_args() . '"; divmore_height = ' . intval($maxheight) . '; </script>';
$o .= replace_macros($tpl, array(
'$search' => $search,
'$desc' => t('Find'),